A. Problem Analysis

1. What was the problem before the implementation of the initiative?

With rapid digitization of Government Services and acceleration of initiatives like Digital India, the identity and authenticity of users accessing any e-Gov service becomes very critical. Privacy of user and Confidentiality of information necessitates mapping of every virtual entity with a single physical person. Hence, Identity Management has become a centrally critical issue for e-Governance Services.
i. No Standard based mechanism for user authentication: There is always a need by various Government departments to authenticate their users while providing the services. Being a large scale of government services in place, there is a different type of authentication mechanisms, standards were being adopted by the individual line departments to authenticate users while providing their services to the citizens.
ii. Issue in maintenance of different credentials for availing government services: Even citizens who are actual users of these services have to remember different credentials and follow different type of guidelines for creating the credentials etc. A large set of services provided by various government department need to establish the identity of the user before providing the access to those services. For example in Public Distribution Scheme there is need to authenticate each user to avoid food-grain, subsidy leakage etc.
iii. Difficulty in achieving strong authentication: There was always a challenge which department had to face to implement a strong authentication for their services. It was not only the implementation challenge with the advancement of technology but also had a cost and time impact for implementation of secure and strong authentication for their services. Before e-Pramaan was implemented as a whole-of-government and centralized national e-authentication framework that any government department in the country could expeditiously onboard, it was a major challenge for government departments and agencies in the country to enable their services with multi-factor authentication as they were required to formulate their own strategies, infrastructure creation and time to time change in their service to accommodate the technological advancement in the area of authentication.
iv. Lack of capacity and skilled personnel: Before e-Pramaan was made available with complete handholding support for departments, absence of adequate capacity and requisite skilled personnel for implementing strong authentication was a major challenge for most government departments that were otherwise interested in adopting standard based e-Authentication for their users.
v. No “single window” solution: before e-Pramaan was made available, there was no one-stop platform for providing e-Authentication with a possibility of achieving authentication using various possible authentication factors and that also in a combination, i.e. authentication chaining as per the need of the end user departments.

B. Strategic Approach

2. What was the solution?

e-Pramaan is a
• Uniform standard based National e-Authentication framework which facilitates authentication of users accessing various government services in a safe and secure manner through desktop as well as mobile.
• e-Pramaan offers multifactor authentication with factors (password, OTP, Digital Certificate and Biometrics) and additional features such as configurable chaining of authentication factors, web site authentication, user identity verification using Aadhaar, PAN and other online available identity providers.
• Multifactor authentication based login through SAML 2.0 based Single Sign On (SSO) for national as well as state level applications in an integrated manner.

3. How did the initiative solve the problem and improve people’s lives?

e-Pramaan a unique nationwide whole-of-government initiative has been conceptualized, owned, funded and implemented by the Ministry of Electronics and Information Technology (MeitY), Government of India, got the administrative approval in 2013 for enabling e-Authentication for users of various government services. A policy framework for National
e-Authentication Framework was notified in Gazette of India and a centralized e-Authentication platform has been created that any government department or agency in the country can expeditiously onboard without having to create its own infrastructure. The vision is to mainstream e-Authentication framework in the country as a compelling new paradigm for providing multi factor authentication for various e-Governance services. It also leverages a support to provide biometric authentication to enhance access to electronic services, especially in the rural areas. It particularly benefits the poor, illiterate, disabled, elderly, and the women in accessing e-governance services using biometric as a factor of authentication
The main objectives are to provide the following to all government departments/agencies in the country:
a. A one-stop solution for achieving e-Authentication using various standard based authentication factors.
b. A central cloud-based platform for departments to expeditiously achieving strong authentication without the need to create their own infrastructure.
c. A platform based on open standards and open source that enables seamless integration and interoperability with common and existing e-governance infrastructure in the country.
The target audience for the initiative consists of all government departments/agencies at the central, state, and local levels as well as all citizens and businesses in the country.
The initiative helped address the problems mentioned earlier as it made access to government services much wider and easier to people, especially in rural areas. It particularly benefits the poor, illiterate, disabled, elderly and the women as it is difficult for them to remember credentials while availing government services. Biometric as an authentication factor can help those segment of people to prove their identities.
Innovative strategies were adopted to bring about the transformation and positive impact. These are highlighted below:
a. A National e-Authentication Framework, i.e. e-Pramaan was notified after extensive consultations across government, industry, civil society, and citizens. This policy acts as the prime driver for departments across the nation towards e-Authentication for various services.
b. Complete handholding support to departments for integration of e-Pramaan with their applications and enabling strong authentication as per the need of the department.
c. The platform has been developed based on open standards and open source and is scalable and interoperable.
d. Simplified on-boarding/ self-service mechanism has been made available to all integrating departments and agencies.
e. Departments have the flexibility of upgrading or downgrading the strength of authentication based upon the sensitivity of the application in a single click of configuration without impacting the overall working of the application.
f. The Citizens also have an advantage of using the same credentials across various e-Governance services with a Single Sign On (SSO) provided by the e-Pramaan.
g. A support of Biometric based authentication using ASA-AUA services for Aadhar based authentication
h. Also, the efficient service delivery mechanism has helped the departments to stop the leakages and the pilferages in the system. Now the intended and authenticated beneficiaries are the ones who are able to avail the government services and programs. This has helped the officials in the Health, Agriculture and Social Justice departments to deliver their services to intended beneficiaries and this has especially helped in providing government benefits to the poor, women and farmers.

C. Execution and Implementation

4. In which ways is the initiative creative and innovative?

The initiative is highly creative and innovative as explained below:
a. It is the first whole-of-government, centrally hosted and cloud based platform for delivering e-Authentication service to various department at National, State and local levels.
b. It is a unique nationwide initiative which any central, state or local government department/agency can onboard immediately through an online self-service mode by registering on the e-Pramaan department portal. They need not have to create their own authentication management portal.
c. Departments need not have any technical expertise as MeitY provides complete handholding and 24x7 support.
d. Departments need not to worry about the technological advancement in the area of e-authentication and the implementation of standard based authentication for their applications.
e. Departments need not to go through the tedious process of managing the authentication details for the users and updating them on time to time basis depending upon the prevalent threats w.r.t to identity thefts.
f. Departments also has the flexibility of upgrading or downgrading of strength of authentication based upon the sensitivity of the application in a single click ,without impacting the overall working of the application.

5. Who implemented the initiative and what is the size of the population affected by this initiative?

In an endeavour to enhance the trust of users amidst the online environment, the Ministry of Electronics and Information Technology (MeitY), Government of India has conceptualized “e-Pramaan: Framework for e-Authentication”.
The development and implementation of e-Pramaan on a pan India level has been undertaken by C-DAC, a scientific society. The aim is to provide a seamless authentication service to the users.
The target population for e-Pramaan has been all the citizens availing e-Governance services as offered by various state and national level departments. As e-Governance services have made deep inroads on the back of increased IT awareness and installation, the population covered is substantial.

6. How was the strategy implemented and what resources were mobilized?

The National e-Governance plan of Government of India took a holistic view of the e-Governance activities in India and integrated them into a collective vision. It was evident that a massive countrywide IT was being laid down, reaching to the remotest corner of the country. As a result, many government departments provided their services to the users through electronic means. The online service delivery mechanism generated the need for electronically authenticating the identity of the users so that each service or benefit scheme reached its intended recipient in a secure manner. With this in background, the Ministry of Electronics and Information Technology (MeitY) conceptualised the idea of e-Pramaan in an endeavour to increase the trust of citizens in the online environment. CDAC Mumbai was chosen as the implementation agency for the project. And once the seed were sown for the idea, work was started in earnest towards creating this framework.
First, a draft framework was prepared and published on the ministry website and circulated to all line ministries and departments for feedback and comments from different stakeholders. After extensive consultation, the framework was approved and released. Under this framework, a key implementation strategy was to develop e-Pramaan framework was undertaken.
Further, a phase wise implementation plan was developed and deliverables were decided. Also, based on the requirements, a budget for approx. $ 4 MM was proposed by CDAC for execution of the project. The budget was approved by MeitY, an administrative approval was given and the development on the project started. Regular meetings between MeitY and the CDAC Team have ensured that the project has been on track and the milestones have been achieved well before the deadlines.
Also, CDAC Mumbai has mobilized a team of 20 resources to execute the project.

7. Who were the stakeholders involved in the design of the initiative and in its implementation?

8. What were the most successful outputs and why was the initiative effective?

Initiative was effective not only for Citizens but also for Departments providing e-Governance services to citizens.
a. Centralized and cloud based infrastructure: A centralized and cloud based infrastructure for the initiative has been created and made operational by MeitY. As the entire infrastructure is cloud based with a very simple on- boarding mechanism, departments and agencies need not create their own infrastructure. This has saved substantial costs, time and effort on their part. Centralized e-Authentication service and integration with cloud based infrastructure has also encouraged the departments to conduct significant business process reengineering (BPR) of their existing processes to take maximum advantage of the new platform. This has helped them in simplifying their procedures, introducing greater transparency, and providing various secured options of identity verifications to citizens.
b. Dedicated Project Team: A dedicated project team consisting of 20 technical professionals has been put in place at C-DAC, the implementing agency, for spearheading the technical development work and provide complete handholding support to all the government departments and agencies.
c. Benefits to Departments
• Multi Technology Support of Integrating the Department Applications
• Common User directory
• Cost and Time saving by reducing the duplication of similar effort at each application level
• Configurable up-gradation of authentication factors using authentication chaining
• Supports for role authorization
d. Benefits to Citizens
• Single Window access to e-Governance services
• Unified Digital Profile
• Secure and seamless Single Sign On (SSO)
• Data Security and Privacy
• Authentic service access

9. What were the main obstacles encountered and how were they overcome?

In the successful implementation of e-Pramaan the team had to face many challenges and ambiguities which are common in a project of such a scale. However, due to the resilience of the team it was possible to overcome these challenges and come up with feasible solutions.
a. Forging a consensus for formulation of a policy framework for e-Authentication was a major challenge as all the relevant stakeholders had to be consulted and brought on board. MeitY notified the Framework for e-Authentication after extensive consultations with all the stakeholders. It now acts as the prime driver for a whole-of-government approach towards e-authentication enablement. The challenge of forging a common understanding and consensus among stakeholders was overcome by conducting the consultation process totally transparently and laying out the objectives of the initiative and strategies for implementation clearly.
b. Convincing government departments across the country to expeditiously integrate with e-Pramaan was another major challenge. An extensive awareness drive was launched to convey the unique value proposition and benefits of the platform as a one stop gateway fore-Authentication.
c. Capacity building of the departments/agencies for e-Authentication was a major challenge as most of the departments lack capacity for readily using the platform. This was overcome by providing complete handholding support to them for integrating with e-Praaman.
d. A generic profile was needed for structuring the user data which was acceptable to all. The National Demographic Standard was then used as a base and it was acceptable to all.
e. The user departments needed a seamless integration with application. Thus, SAML connectors were developed in various languages, i.e. PHP, .Net and Java, thus ensuring smooth integration.

D. Impact and Sustainability

10. What were the key benefits resulting from this initiative?

There have been several impacts of this initiative which are discussed below.
a. Significant savings in time, effort and cost: As the e-Pramaan is centrally hosted and cloud based, departments need not invest any resources in creating their own infrastructure. Hence, it has led to very significant savings in time, efforts, and costs for them. It has resulted in greater efficiency in use of existing departmental resources and has reduced the time required for delivery of services.
b. Access to all government departments: Departments need not have any technical expertise or an in-house technical team to integrate with e-Pramaan. MeitY provides complete handholding and full 24x7 support to all departments through its C-DAC technical team.
c. Effectiveness of outcomes: The effectiveness has been enhanced significantly for all the stakeholders including the citizens, businesses, etc. Citizens need not to remember multiple credentials to avail the government services. Departments also have an opportunity to avail best of the e-Authentication for their applications and identification of users through e-Pramaan.
d. Following are the broad level benefits provided by e-Pramaan to citizens as well as to the department.
• Transparent and secure governance
• Reliable source for available services
• Attempt to collate all the identity proofs to reduce fraud, duplication and ensure more precise user profiling
• No data on gender / social dividers thereby supporting social inclusiveness and equality
• Inclusion of different types of authentication to cater to population of varying literary abilities. Biometric authentication for inclusion of rural India
Impact: e-Pramaan, a multifactor authentication framework has not only helped citizens but also to the e-Governance service providers by providing them with the multiple factors of authentication to choose from. e-Governance service provider departments have the flexibility of upgrading or downgrading of strength of authentication based upon the sensitivity of the application in a single click of configuration without impacting the overall working of the application. Citizens also have an advantage of using the same credentials across various e-Governance services with a Single Sign On (SSO) provided by the e-Pramaan. For example, a citizen willing to apply for the passport and also has to file a Tax Return has to maintain different credentials being expected by both the passport and tax services. Being part of e-Pramaan, a uniform authentication mechanism can be adopted and citizens need not to maintain different credentials for accessing the government services. Service providers also have an advantage of choosing the appropriate authentication mechanism based on the sensitivity of their services.

11. Did the initiative improve integrity and/or accountability in public service? (If applicable)

12. Were special measures put in place to ensure that the initiative benefits women and girls and improves the situation of the poorest and most vulnerable? (If applicable)